Integrating Intelligent Anomaly Detection Agents - PowerPoint PPT Presentation

Slides: 2
Provided by: tiborp

Transcript and Presenter's Notes

Integrating Intelligent Anomaly Detection Agents into a Distributed Monitoring System
German Florez-Larrahondo, Zhen Liu, Dr. Susan M. Bridges and Dr. Rayford Vaughn
The Center for Computer Security Research, Mississippi State University
gf24, zliu, bridges, vaughn _at_ cse.msstate.edu

This project integrates intelligent anomaly detection agents into a traditional monitoring system for high performance distributed systems. Machine learning techniques are used to build intelligent agents that profile normal behavior as seen in sequences of operating system calls (kernel-level monitoring) and function calls (user-level monitoring) generated by an application. The Ganglia monitoring system was used as a test bed for integration case studies. Mechanisms provided by Ganglia make it relatively easy to integrate anomaly detection systems and to visualize the output of the agents. The results provided demonstrate that the integrated intelligent agents can detect the execution of unauthorized applications and network faults which are not obvious in the standard output from the monitoring system.

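One way to score a call stream against a profile of normal behavior, using the two-state, three-symbol HMM shape named in the figure list, is sketched below as an added example (not code from the poster or its authors). The HMM parameters, call names, window width and threshold are constructed assumptions; the poster does not state its scoring rule.

```python
import math

# Constructed two-state, three-symbol HMM standing in for a trained profile of
# one application's normal call stream; none of these numbers are from the poster.
SYMBOLS = {"read": 0, "write": 1}      # every other call maps to symbol 2 ("other")
PI = [0.5, 0.5]                        # initial state probabilities
A = [[0.8, 0.2],                       # state transitions (sticky phases)
     [0.2, 0.8]]
B = [[0.70, 0.29, 0.01],               # state 0: read-heavy phase
     [0.29, 0.70, 0.01]]               # state 1: write-heavy phase


def encode(trace):
    """Map call names to HMM symbols; calls absent from the profile become 2."""
    return [SYMBOLS.get(name, 2) for name in trace]


def mean_log_likelihood(obs):
    """Scaled forward algorithm: average log P(o_t | o_1..o_{t-1}) over obs."""
    if not obs:
        raise ValueError("empty observation window")
    alpha = [PI[s] * B[s][obs[0]] for s in range(2)]
    total = 0.0
    for t, symbol in enumerate(obs):
        if t > 0:  # propagate the normalised state belief, then weight by emission
            alpha = [sum(alpha[i] * A[i][j] for i in range(2)) * B[j][symbol]
                     for j in range(2)]
        scale = sum(alpha)             # P(o_t | earlier observations)
        total += math.log(scale)
        alpha = [a / scale for a in alpha]
    return total / len(obs)


def flag_windows(trace, width=4, threshold=-1.3):
    """Start indices of sliding windows scoring below the anomaly threshold."""
    obs = encode(trace)
    return [i for i in range(len(obs) - width + 1)
            if mean_log_likelihood(obs[i:i + width]) < threshold]


# Constructed traces: a normal run, and the same run with two foreign calls.
NORMAL = ["read"] * 6 + ["write"] * 6
INJECTED = NORMAL[:6] + ["execve", "connect"] + NORMAL[8:]

if __name__ == "__main__":
    print("normal  :", flag_windows(NORMAL))
    print("injected:", flag_windows(INJECTED))
```

With these constructed parameters every window that contains a call outside the profile falls below the threshold, while windows made only of profiled calls never do, including the one that spans the read-to-write phase change.
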
1. A sequence of events over time
2. The Ganglia System Architecture
3. A two-layer feed-forward neural network
4. A two-state Hidden Markov Model with 3 symbols
5. Architectures used to monitor system calls (in kernel space) and function calls (in user space)
6. Some Ganglia standard measures for a parallel program
7. Ganglia standard measures supplemented with a user-space detector
8. Detecting unauthorized applications with user-space detectors within the Ganglia framework
9. Detecting network faults with user-space detectors within the Ganglia framework
10. Detecting network faults using kernel and user-space detectors with the Ganglia framework

Audit events, Network packets, User commands, Application Library Calls, Operating System Calls,
An unauthorized application is being executed. Machine learning-based detectors clearly identify the anomaly
Difficult to recognize useful patterns for a specific program

M. L. Massie, B. N. Chun, and D. E. Culler, The Ganglia distributed monitoring system: Design, implementation, and experience, accepted for publication in Parallel Computing, 2004, http://ganglia.sourceforge.net/talks/parallelcomputing/gangliatwocol.pdf.